2876 matches found
CVE-2021-32791
modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In modauthopenidc before version 2.4.9, the AES GCM encryption in modauthopenidc uses a static IV and...
CVE-2021-32791
modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In modauthopenidc before version 2.4.9, the AES GCM encryption in modauthopenidc uses a static IV and...
The vulnerability of the EVP_CipherUpdate, EVP_EncryptUpdate, and EVP_DecryptUpdate functions in the OpenSSL library for TLS and SSL protocols, related to integer overflow, allows attackers to cause service interruptions.
The vulnerability of the EVPCipherUpdate, EVPEncryptUpdate, and EVPDecryptUpdate functions in the OpenSSL library for TLS and SSL protocols is related to a numerical overflow condition. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
CVE-2021-34687
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is transmitted over the network while only being encrypted via a substitution cipher...
CVE-2021-34687
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is transmitted over the network while only being encrypted via a substitution cipher...
CVE-2021-34687
CVE-2021-34687 affects iDrive RemotePC on Windows prior to 7.6.48. The vulnerability enables information disclosure where a man-in-the-middle can recover the system Personal Key during a LAN connection, because the key is transmitted over the network with only a substitution cipher for encryption.
CVE-2021-34687
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is transmitted over the network while only being encrypted via a substitution cipher...
FreeBSD : go -- crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters (c365536d-e3cf-11eb-9d8d-b37b683944c2)
The Go project reports : crypto/tls clients can panic when provided a certificate of the wrong type for the negotiated parameters. net/http clients performing HTTPS requests are also affected. The panic can be triggered by an attacker in a privileged network position without access to the server...
Exploit for Improper Certificate Validation in Golang Go
POC for CVE-2021-34558 bash Run the malicious TLS server...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2206)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM InfoSphere Optim Performance Manager (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM InfoSphere Optim Performance Manager Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM InfoSphere Optim Performance Manager (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM InfoSphere Optim Performance Manager. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker...
go -- crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters
The Go project reports: crypto/tls clients can panic when provided a certificate of the wrong type for the negotiated parameters. net/http clients performing HTTPS requests are also affected. The panic can be triggered by an attacker in a privileged network position without access to the server...
Security Bulletin: A Vulnerability in OpenSSH and Multiple Vulnerabilities in OpenSSL affect IBM GPFS V3.5 for Windows
Summary OpenSSH could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied X11 authentication credentials by the sshd server. OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used ...
Security Bulletin: Vulnerability in RC4 stream cipher affects GPFS V3.5 for Windows (CVE-2015-2808) / Enabling weak cipher suites for IBM General Parallel File System is NOT recommended
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects OpenSSH for GPFS V3.5 for Windows. Additionally, with the recent attention to RC4 “Bar Mitzvah” Attack for SSL/TLS, this is a reminder to NOT enable weak or export-level cipher suites for IBM General Parallel File System GPFS. Vulnerability...
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library which has the surprising side-effect that if an application sets up multiple concurrent transfers the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario this weakens transport security significantly.
...
Huawei Data Communication: SSL is configured with an insecure algorithm
If the cipher-suite-list command contains insecure algorithms, the service that references this rule has security risks. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Insecure TLS Configuration
libcurl.so uses an insecure TLS configuration. The selected cipher set was stored in a single "static" variable in the library, and due to an error in code, the last cipher that is set would control the set used by all transfers...
OESA-2021-1216 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when...
AZL-6358 CVE-2021-22897 affecting package curl for versions less than 7.76.0-5
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...